
AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

1. (Currently amended) A method for managing a database system, comprising:

receiving a command to perform an administrative function involving an object defined within the database system;

determining if the object is a sensitive object that is associated with security functions in the database system, wherein the sensitive object can include a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data, and wherein other rows in the table need not contain sensitive data;

if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and

if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.

2. (Original) The method of claim 1, further comprising:

receiving a request to perform an operation on a data item in the database system;

if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the data item; and

if the data item is a sensitive data item and the request is received from a normal user, disallowing the operation.

3. (Original) The method of claim 2, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.

4. (Original) The method of claim 3, wherein the encryption key is stored along with a table containing the data item.

5. (Original) The method of claim 4, wherein the encryption key is stored in encrypted form.

6. (Currently amended) The method of claim 1, wherein the sensitive object can include one of:

a sensitive table containing sensitive data in the database system;

a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and

an object that represents a sensitive user of the database system who is empowered to access sensitive data.



7. (Original) The method of claim 1, wherein if the object is not a sensitive object, and if the command to perform the administrative function is received from a security officer, the method further comprises allowing the security officer to perform the administrative function on the object.

8. (Original) The method of claim 1,

wherein the database system includes a number of sensitive data items; and

wherein only specific sensitive users are allowed to access a given sensitive data item.

9. (Currently amended) A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing a database system, the method comprising:

receiving a command to perform an administrative function involving an object defined within the database system;

determining if the object is a sensitive object that is associated with security functions in the database system, wherein the sensitive object can include a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data, and wherein other rows in the table need not contain sensitive data;

if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and

if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.



10. (Original) The computer-readable storage medium of claim 9, wherein the method further comprises:

receiving a request to perform an operation on a data item in the database system;

if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the data item; and

if the data item is a sensitive data item and the request is received from a normal user, disallowing the operation.

11. (Original) The computer-readable storage medium of claim 10, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.

12. (Original) The computer-readable storage medium of claim 11, wherein the encryption key is stored along with a table containing the data item.

13. (Original) The computer-readable storage medium of claim 12, wherein the encryption key is stored in encrypted form.

14. (Currently amended) The computer-readable storage medium of claim 9, wherein the sensitive object can include one of:

a sensitive table containing sensitive data in the database system;

a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and

an object that represents a sensitive user of the database system who is empowered to access sensitive data.

15. (Original) The computer-readable storage medium of claim 9, wherein 
if the object is not a sensitive object, and if the command to perform the 
administrative function is received from a security officer, the method further 
comprises allowing the security officer to perform the administrative function. 

16. (Original) The computer-readable storage medium of claim 9,

wherein the database system includes a number of sensitive data items; and

wherein only specific sensitive users are allowed to access a given sensitive data item.

17. (Currently amended) An apparatus for managing a database system, comprising:

a command receiving mechanism that is configured to receive a command to perform an administrative function involving an object defined within the database system;

an execution mechanism that is configured to,

determine if the object is a sensitive object that is associated with security functions in the database system, wherein the sensitive object can include a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data, and wherein other rows in the table need not contain sensitive data,

allow the administrative function to proceed, if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, and to

disallow the administrative function, if the object is a sensitive object, and if the command is received from a normal system administrator.

18. (Original) The apparatus of claim 17,

wherein the command receiving mechanism is configured to receive a request to perform an operation on a data item in the database system;

wherein the execution mechanism is configured to,

allow the operation to proceed, if the data item is a sensitive data item, if the request is received from a sensitive user who is empowered to access sensitive data, and if the sensitive user has access rights to the data item, and to

disallow the operation, if the data item is a sensitive data item, and if the request is received from a normal user.



19. (Original) The apparatus of claim 18, further comprising a decryption mechanism, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the decryption mechanism is configured to decrypt the data item using an encryption key after the data item is retrieved.

20. (Original) The apparatus of claim 19, wherein the encryption key is stored along with a table containing the data item.

21. (Original) The apparatus of claim 20, wherein the encryption key is stored in encrypted form.

22. (Currently amended) The apparatus of claim 17, wherein the sensitive object can include one of:

a sensitive table containing sensitive data in the database system;

a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and

an object that represents a sensitive user of the database system who is empowered to access sensitive data.






EJG E:\Oracle Corporation\OR00-14001\Amendment A OR00-14001.doc 



23. (Original) The apparatus of claim 17, wherein if the object is not a sensitive object, and if the command to perform the administrative function is received from a security officer, the execution mechanism is configured to allow the security officer to perform the administrative function.

24. (Original) The apparatus of claim 17,

wherein the database system includes a number of sensitive data items;

wherein only specific sensitive users are allowed to access a given sensitive data item.